xref: /freebsd/lib/libc/posix1e/acl_support.c (revision 22cf89c938886d14f5796fc49f9f020c23ea8eaf) 
1 /*-
2  * SPDX-License-Identifier: BSD-2-Clause
3  *
4  * Copyright (c) 1999-2001, 2008 Robert N. M. Watson
5  * All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  *
16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26  * SUCH DAMAGE.
27  */
28 /*
29  * Support functionality for the POSIX.1e ACL interface
30  * These calls are intended only to be called within the library.
31  */
32 
33 #include <sys/cdefs.h>
34 #include <sys/types.h>
35 #include "namespace.h"
36 #include <sys/acl.h>
37 #include "un-namespace.h"
38 #include <errno.h>
39 #include <grp.h>
40 #include <pwd.h>
41 #include <stdio.h>
42 #include <stdlib.h>
43 #include <string.h>
44 #include <assert.h>
45 
46 #include "acl_support.h"
47 
48 #define ACL_STRING_PERM_WRITE   'w'
49 #define ACL_STRING_PERM_READ    'r'
50 #define ACL_STRING_PERM_EXEC    'x'
51 #define ACL_STRING_PERM_NONE    '-'
52 
53 /*
54  * Return 0, if both ACLs are identical.
55  */
56 int
57 _acl_differs(const acl_t a, const acl_t b)
58 {
59 	int i;
60 	struct acl_entry *entrya, *entryb;
61 
62 	assert(_acl_brand(a) == _acl_brand(b));
63 
64 	if (a->ats_acl.acl_cnt != b->ats_acl.acl_cnt)
65 		return (1);
66 
67 	for (i = 0; i < b->ats_acl.acl_cnt; i++) {
68 		entrya = &(a->ats_acl.acl_entry[i]);
69 		entryb = &(b->ats_acl.acl_entry[i]);
70 
71 		if (entrya->ae_tag != entryb->ae_tag ||
72 		    entrya->ae_id != entryb->ae_id ||
73 		    entrya->ae_perm != entryb->ae_perm ||
74 		    entrya->ae_entry_type != entryb->ae_entry_type ||
75 		    entrya->ae_flags != entryb->ae_flags)
76 			return (1);
77 	}
78 
79 	return (0);
80 }
81 
82 /*
83  * _posix1e_acl_entry_compare -- compare two acl_entry structures to
84  * determine the order they should appear in.  Used by _posix1e_acl_sort to
85  * sort ACL entries into the kernel-desired order -- i.e., the order useful
86  * for evaluation and O(n) validity checking.  Beter to have an O(nlogn) sort
87  * in userland and an O(n) in kernel than to have both in kernel.
88  */
89 typedef int (*compare)(const void *, const void *);
90 static int
91 _posix1e_acl_entry_compare(struct acl_entry *a, struct acl_entry *b)
92 {
93 
94 	assert(_entry_brand(a) == ACL_BRAND_POSIX);
95 	assert(_entry_brand(b) == ACL_BRAND_POSIX);
96 
97 	/*
98 	 * First, sort between tags -- conveniently defined in the correct
99 	 * order for verification.
100 	 */
101 	if (a->ae_tag < b->ae_tag)
102 		return (-1);
103 	if (a->ae_tag > b->ae_tag)
104 		return (1);
105 
106 	/*
107 	 * Next compare uids/gids on appropriate types.
108 	 */
109 
110 	if (a->ae_tag == ACL_USER || a->ae_tag == ACL_GROUP) {
111 		if (a->ae_id < b->ae_id)
112 			return (-1);
113 		if (a->ae_id > b->ae_id)
114 			return (1);
115 
116 		/* shouldn't be equal, fall through to the invalid case */
117 	}
118 
119 	/*
120 	 * Don't know how to sort multiple entries of the rest--either it's
121 	 * a bad entry, or there shouldn't be more than one.  Ignore and the
122 	 * validity checker can get it later.
123 	 */
124 	return (0);
125 }
126 
127 /*
128  * _posix1e_acl_sort -- sort ACL entries in POSIX.1e-formatted ACLs.
129  */
130 void
131 _posix1e_acl_sort(acl_t acl)
132 {
133 	struct acl *acl_int;
134 
135 	acl_int = &acl->ats_acl;
136 
137 	qsort(&acl_int->acl_entry[0], acl_int->acl_cnt,
138 	    sizeof(struct acl_entry), (compare) _posix1e_acl_entry_compare);
139 }
140 
141 /*
142  * acl_posix1e -- in what situations should we acl_sort before submission?
143  * We apply posix1e ACL semantics for any ACL of type ACL_TYPE_ACCESS or
144  * ACL_TYPE_DEFAULT
145  */
146 int
147 _posix1e_acl(acl_t acl, acl_type_t type)
148 {
149 
150 	if (_acl_brand(acl) != ACL_BRAND_POSIX)
151 		return (0);
152 
153 	return ((type == ACL_TYPE_ACCESS) || (type == ACL_TYPE_DEFAULT));
154 }
155 
156 /*
157  * _posix1e_acl_check -- given an ACL, check its validity.  This is mirrored
158  * from code in sys/kern/kern_acl.c, and if changes are made in one, they
159  * should be made in the other also.  This copy of acl_check is made
160  * available * in userland for the benefit of processes wanting to check ACLs
161  * for validity before submitting them to the kernel, or for performing
162  * in userland file system checking.  Needless to say, the kernel makes
163  * the real checks on calls to get/setacl.
164  *
165  * See the comments in kernel for explanation -- just briefly, it assumes
166  * an already sorted ACL, and checks based on that assumption.  The
167  * POSIX.1e interface, acl_valid(), will perform the sort before calling
168  * this.  Returns 0 on success, EINVAL on failure.
169  */
170 int
171 _posix1e_acl_check(acl_t acl)
172 {
173 	struct acl *acl_int;
174 	struct acl_entry	*entry; 	/* current entry */
175 	uid_t	highest_uid=0, highest_gid=0;
176 	int	stage = ACL_USER_OBJ;
177 	int	i = 0;
178 	int	count_user_obj=0, count_user=0, count_group_obj=0,
179 		count_group=0, count_mask=0, count_other=0;
180 
181 	acl_int = &acl->ats_acl;
182 
183 	/* printf("_posix1e_acl_check: checking acl with %d entries\n",
184 	    acl->acl_cnt); */
185 	while (i < acl_int->acl_cnt) {
186 		entry = &acl_int->acl_entry[i];
187 
188 		if ((entry->ae_perm | ACL_PERM_BITS) != ACL_PERM_BITS)
189 			return (EINVAL);
190 
191 		switch(entry->ae_tag) {
192 		case ACL_USER_OBJ:
193 			/* printf("_posix1e_acl_check: %d: ACL_USER_OBJ\n",
194 			    i); */
195 			if (stage > ACL_USER_OBJ)
196 				return (EINVAL);
197 			stage = ACL_USER;
198 			count_user_obj++;
199 			break;
200 
201 		case ACL_USER:
202 			/* printf("_posix1e_acl_check: %d: ACL_USER\n", i); */
203 			if (stage > ACL_USER)
204 				return (EINVAL);
205 			stage = ACL_USER;
206 			if (count_user && (entry->ae_id <= highest_uid))
207 				return (EINVAL);
208 			highest_uid = entry->ae_id;
209 			count_user++;
210 			break;
211 
212 		case ACL_GROUP_OBJ:
213 			/* printf("_posix1e_acl_check: %d: ACL_GROUP_OBJ\n",
214 			    i); */
215 			if (stage > ACL_GROUP_OBJ)
216 				return (EINVAL);
217 			stage = ACL_GROUP;
218 			count_group_obj++;
219 			break;
220 
221 		case ACL_GROUP:
222 			/* printf("_posix1e_acl_check: %d: ACL_GROUP\n", i); */
223 			if (stage > ACL_GROUP)
224 				return (EINVAL);
225 			stage = ACL_GROUP;
226 			if (count_group && (entry->ae_id <= highest_gid))
227 				return (EINVAL);
228 			highest_gid = entry->ae_id;
229 			count_group++;
230 			break;
231 
232 		case ACL_MASK:
233 			/* printf("_posix1e_acl_check: %d: ACL_MASK\n", i); */
234 			if (stage > ACL_MASK)
235 				return (EINVAL);
236 			stage = ACL_MASK;
237 			count_mask++;
238 			break;
239 
240 		case ACL_OTHER:
241 			/* printf("_posix1e_acl_check: %d: ACL_OTHER\n", i); */
242 			if (stage > ACL_OTHER)
243 				return (EINVAL);
244 			stage = ACL_OTHER;
245 			count_other++;
246 			break;
247 
248 		default:
249 			/* printf("_posix1e_acl_check: %d: INVALID\n", i); */
250 			return (EINVAL);
251 		}
252 		i++;
253 	}
254 
255 	if (count_user_obj != 1)
256 		return (EINVAL);
257 
258 	if (count_group_obj != 1)
259 		return (EINVAL);
260 
261 	if (count_mask != 0 && count_mask != 1)
262 		return (EINVAL);
263 
264 	if (count_other != 1)
265 		return (EINVAL);
266 
267 	return (0);
268 }
269 
270 /*
271  * Given a right-shifted permission (i.e., direct ACL_PERM_* mask), fill
272  * in a string describing the permissions.
273  */
274 int
275 _posix1e_acl_perm_to_string(acl_perm_t perm, ssize_t buf_len, char *buf)
276 {
277 
278 	if (buf_len < _POSIX1E_ACL_STRING_PERM_MAXSIZE + 1) {
279 		errno = ENOMEM;
280 		return (-1);
281 	}
282 
283 	if ((perm | ACL_PERM_BITS) != ACL_PERM_BITS) {
284 		errno = EINVAL;
285 		return (-1);
286 	}
287 
288 	buf[3] = 0;	/* null terminate */
289 
290 	if (perm & ACL_READ)
291 		buf[0] = ACL_STRING_PERM_READ;
292 	else
293 		buf[0] = ACL_STRING_PERM_NONE;
294 
295 	if (perm & ACL_WRITE)
296 		buf[1] = ACL_STRING_PERM_WRITE;
297 	else
298 		buf[1] = ACL_STRING_PERM_NONE;
299 
300 	if (perm & ACL_EXECUTE)
301 		buf[2] = ACL_STRING_PERM_EXEC;
302 	else
303 		buf[2] = ACL_STRING_PERM_NONE;
304 
305 	return (0);
306 }
307 
308 /*
309  * given a string, return a permission describing it
310  */
311 int
312 _posix1e_acl_string_to_perm(char *string, acl_perm_t *perm)
313 {
314 	acl_perm_t	myperm = ACL_PERM_NONE;
315 	char	*ch;
316 
317 	ch = string;
318 	while (*ch) {
319 		switch(*ch) {
320 		case ACL_STRING_PERM_READ:
321 			myperm |= ACL_READ;
322 			break;
323 		case ACL_STRING_PERM_WRITE:
324 			myperm |= ACL_WRITE;
325 			break;
326 		case ACL_STRING_PERM_EXEC:
327 			myperm |= ACL_EXECUTE;
328 			break;
329 		case ACL_STRING_PERM_NONE:
330 			break;
331 		default:
332 			return (EINVAL);
333 		}
334 		ch++;
335 	}
336 
337 	*perm = myperm;
338 	return (0);
339 }
340 
341 /*
342  * Add an ACL entry without doing much checking, et al
343  */
344 int
345 _posix1e_acl_add_entry(acl_t acl, acl_tag_t tag, uid_t id, acl_perm_t perm)
346 {
347 	struct acl		*acl_int;
348 	struct acl_entry	*e;
349 
350 	acl_int = &acl->ats_acl;
351 
352 	if (acl_int->acl_cnt >= ACL_MAX_ENTRIES) {
353 		errno = ENOMEM;
354 		return (-1);
355 	}
356 
357 	e = &(acl_int->acl_entry[acl_int->acl_cnt]);
358 	e->ae_perm = perm;
359 	e->ae_tag = tag;
360 	e->ae_id = id;
361 	acl_int->acl_cnt++;
362 
363 	return (0);
364 }
365 
366 /*
367  * Convert "old" type - ACL_TYPE_{ACCESS,DEFAULT}_OLD - into its "new"
368  * counterpart.  It's necessary for the old (pre-NFSv4 ACLs) binaries
369  * to work with new libc and kernel.  Fixing 'type' for old binaries with
370  * old libc and new kernel is being done by kern/vfs_acl.c:type_unold().
371  */
372 int
373 _acl_type_unold(acl_type_t type)
374 {
375 
376 	switch (type) {
377 	case ACL_TYPE_ACCESS_OLD:
378 		return (ACL_TYPE_ACCESS);
379 	case ACL_TYPE_DEFAULT_OLD:
380 		return (ACL_TYPE_DEFAULT);
381 	default:
382 		return (type);
383 	}
384 }
385 
386 char *
387 string_skip_whitespace(char *string)
388 {
389 
390 	while (*string && ((*string == ' ') || (*string == '\t')))
391 		string++;
392 
393 	return (string);
394 }
395 
396 void
397 string_trim_trailing_whitespace(char *string)
398 {
399 	char	*end;
400 
401 	if (*string == '\0')
402 		return;
403 
404 	end = string + strlen(string) - 1;
405 
406 	while (end != string) {
407 		if ((*end == ' ') || (*end == '\t')) {
408 			*end = '\0';
409 			end--;
410 		} else {
411 			return;
412 		}
413 	}
414 
415 	return;
416 }
417